chore: update user create validator

05a5c59a · Steven · 734d5f3a · 05a5c59a · 05a5c59a · 05a5c59a
Commit 05a5c59a authored Aug 20, 2022 by Steven
Showing with 88 additions and 18 deletions

user.go api/user.go +20 -0

error.go common/error.go +0 -5

util.go common/util.go +9 -0

util_test.go common/util_test.go +31 -0

auth.go server/auth.go +10 -13

user.go server/user.go +18 -0

No files found.
--- a/api/user.go
+++ b/api/user.go
 package api
+import (
+	"fmt"
+	"github.com/usememos/memos/common"
+)
 // Role is the type of a role.
 type Role string
@@ -47,6 +53,20 @@ type UserCreate struct {
 	OpenID       string
 }
+func (create UserCreate) Validate() error {
+	if !common.ValidateEmail(create.Email) {
+		return fmt.Errorf("invalid email format")
+	}
+	if len(create.Email) < 6 {
+		return fmt.Errorf("email is too short, minimum length is 6")
+	}
+	if len(create.Password) < 6 {
+		return fmt.Errorf("password is too short, minimum length is 6")
+	}
+	return nil
+}
 type UserPatch struct {
 	ID int

--- a/common/error.go
+++ b/common/error.go
@@ -17,11 +17,6 @@ const (
 	NotFound       Code = 4
 	Conflict       Code = 5
 	NotImplemented Code = 6
-	// 101 ~ 199 db error
-	DbConnectionFailure    Code = 101
-	DbStatementSyntaxError Code = 102
-	DbExecutionError       Code = 103
 )
 // Error represents an application-specific error. Application errors can be

--- a/common/util.go
+++ b/common/util.go
 package common
 import (
+	"net/mail"
 	"strings"
 	"github.com/google/uuid"
@@ -16,6 +17,14 @@ func HasPrefixes(src string, prefixes ...string) bool {
 	return false
 }
+// ValidateEmail validates the email.
+func ValidateEmail(email string) bool {
+	if _, err := mail.ParseAddress(email); err != nil {
+		return false
+	}
+	return true
+}
 func GenUUID() string {
 	return uuid.New().String()
 }
--- a/common/util_test.go
+++ b/common/util_test.go
+package common
+import (
+	"testing"
+)
+func TestValidateEmail(t *testing.T) {
+	tests := []struct {
+		email string
+		want  bool
+	}{
+		{
+			email: "t@gmail.com",
+			want:  true,
+		},
+		{
+			email: "@qq.com",
+			want:  false,
+		},
+		{
+			email: "1@gmail",
+			want:  true,
+		},
+	}
+	for _, test := range tests {
+		result := ValidateEmail(test.email)
+		if result != test.want {
+			t.Errorf("Validate Email %s: got result %v, want %v.", test.email, result, test.want)
+		}
+	}
+}
--- a/server/auth.go
+++ b/server/auth.go
@@ -80,13 +80,15 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted signup request").SetInternal(err)
 		}
-		// Validate signup form.
+		userCreate := &api.UserCreate{
-		// We can do stricter checks later.
+			Email:    signup.Email,
-		if len(signup.Email) < 6 {
+			Role:     api.Role(signup.Role),
-			return echo.NewHTTPError(http.StatusBadRequest, "Email is too short, minimum length is 6.")
+			Name:     signup.Name,
+			Password: signup.Password,
+			OpenID:   common.GenUUID(),
 		}
-		if len(signup.Password) < 6 {
+		if err := userCreate.Validate(); err != nil {
-			return echo.NewHTTPError(http.StatusBadRequest, "Password is too short, minimum length is 6.")
+			return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format.").SetInternal(err)
 		}
 		passwordHash, err := bcrypt.GenerateFromPassword([]byte(signup.Password), bcrypt.DefaultCost)
@@ -94,13 +96,8 @@ func (s *Server) registerAuthRoutes(g *echo.Group) {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)
 		}
-		userCreate := &api.UserCreate{
+		userCreate.PasswordHash = string(passwordHash)
-			Email:        signup.Email,
-			Role:         api.Role(signup.Role),
-			Name:         signup.Name,
-			PasswordHash: string(passwordHash),
-			OpenID:       common.GenUUID(),
-		}
 		user, err := s.Store.CreateUser(ctx, userCreate)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to create user").SetInternal(err)

--- a/server/user.go
+++ b/server/user.go
@@ -16,11 +16,29 @@ import (
 func (s *Server) registerUserRoutes(g *echo.Group) {
 	g.POST("/user", func(c echo.Context) error {
 		ctx := c.Request().Context()
+		userID, ok := c.Get(getUserIDContextKey()).(int)
+		if !ok {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Missing auth session")
+		}
+		currentUser, err := s.Store.FindUser(ctx, &api.UserFind{
+			ID: &userID,
+		})
+		if err != nil {
+			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to find user by id").SetInternal(err)
+		}
+		if currentUser.Role != api.Host {
+			return echo.NewHTTPError(http.StatusUnauthorized, "Only Host user can create member.")
+		}
 		userCreate := &api.UserCreate{}
 		if err := json.NewDecoder(c.Request().Body).Decode(userCreate); err != nil {
 			return echo.NewHTTPError(http.StatusBadRequest, "Malformatted post user request").SetInternal(err)
 		}
+		if err := userCreate.Validate(); err != nil {
+			return echo.NewHTTPError(http.StatusBadRequest, "Invalid user create format.").SetInternal(err)
+		}
 		passwordHash, err := bcrypt.GenerateFromPassword([]byte(userCreate.Password), bcrypt.DefaultCost)
 		if err != nil {
 			return echo.NewHTTPError(http.StatusInternalServerError, "Failed to generate password hash").SetInternal(err)